Moodle

Visiting user profile edit page using https causes site URL to appear in body ID and class

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: 1.6, 1.6.1
  • Fix Version/s: 1.6.2
  • Component/s: Other
  • Labels:
    None
  • Environment:
    LAMP. PHP 5.1.4 - using acp accelerator. MySQL 4.1.20
  • Database:
    MySQL
  • URL:
    /user/edit.php?id=xxx&course=1
  • Affected Branches:
    MOODLE_16_STABLE
  • Fixed Branches:
    MOODLE_16_STABLE

Description

This only seems to occur with sites using an SSL certificate. Go to https://<yoursite>/user/edit.php?id=xxx&course1 (with your site address and user ID in the appropiate places).

If I view the source of that page it shows:

<body class="https:-moodle.nulc.ac.uk-user course-1" id="https:-moodle.nulc.ac.uk-user-edit">

Rather than the expected:

<body class="user course-1" id="user-edit">

If I replace "https" with "http" the body tag renders as expected.

This has been seen on two seperate servers, one running 1.6.1+ and the other 1.6 Beta 5.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Petr Škoda (skodak) added a comment -

Hi!

Could you try adding:
//HTTPS is potentially required in this page
httpsrequired();

to /user/edit.php around line 21

Show
Petr Škoda (skodak) added a comment - Hi! Could you try adding: //HTTPS is potentially required in this page httpsrequired(); to /user/edit.php around line 21
Hide
Permalink
Charlie Owen (SonniesEdge) added a comment -

Hi Petr,

I've applied this to the 1.6.1+ server and it has worked perfectly - thank you!

Show
Charlie Owen (SonniesEdge) added a comment - Hi Petr, I've applied this to the 1.6.1+ server and it has worked perfectly - thank you!
Hide
Permalink
Charlie Owen (SonniesEdge) added a comment -

Actually, I spoke too soon - there is still a minor issue.

With the patch applied the same bug now occurs, but this time only when viewing via http! Viewing /user/edit.php via https gives a bug-free body tag.

This isn't a problem for normal users as clicking "edit profile" takes them to the https version. However, if an admin user views /admin/user.php and then clicks on "edit" they are taken to the http version.

Show
Charlie Owen (SonniesEdge) added a comment - Actually, I spoke too soon - there is still a minor issue. With the patch applied the same bug now occurs, but this time only when viewing via http! Viewing /user/edit.php via https gives a bug-free body tag. This isn't a problem for normal users as clicking "edit profile" takes them to the https version. However, if an admin user views /admin/user.php and then clicks on "edit" they are taken to the http version.
Hide
Permalink
Petr Škoda (skodak) added a comment -

You can not use http version of user/edit.php with httpslogin, we should fix all links pointing to it.

Show
Petr Škoda (skodak) added a comment - You can not use http version of user/edit.php with httpslogin, we should fix all links pointing to it.
Hide
Permalink
Charlie Owen (SonniesEdge) added a comment -

Hmmmmm. Looking further it seems that this occurs on ANY page that uses https. In fact it's possible to replicate the bug simply by changing http to https in any URL (assuming the server supports https).

I've just looked at another site (completely unrelated to ours) that also uses SSL. The bug occurs there as well.

Show
Charlie Owen (SonniesEdge) added a comment - Hmmmmm. Looking further it seems that this occurs on ANY page that uses https. In fact it's possible to replicate the bug simply by changing http to https in any URL (assuming the server supports https). I've just looked at another site (completely unrelated to ours) that also uses SSL. The bug occurs there as well.
Hide
Permalink
Petr Škoda (skodak) added a comment -

There can be only one URL per site, you can not use both https and http to access moodle site - it can not be changed, because many parts of Moodle rely on it. The only exception is enabled https login feature.

Show
Petr Škoda (skodak) added a comment - There can be only one URL per site, you can not use both https and http to access moodle site - it can not be changed, because many parts of Moodle rely on it. The only exception is enabled https login feature.
Hide
Permalink
Petr Škoda (skodak) added a comment -

closing as fixed earlier, thanks for the report

Show
Petr Škoda (skodak) added a comment - closing as fixed earlier, thanks for the report

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.